Re: [DNG] vdev
> From: richard lucassen
> Subject: Re: [DNG] vdev
>
> So, please join the Group Of Three who are testing vdev. Without vdev
> or any other standalone udev version Devuan is stillborn. This whole
> vdev beast is much more complicated than a single daemon. We need
> testing, input, otherwise we'll go down the drain. It is as simple as
> that.

Hi Richard,

OK, I'm willing to join the Group-of-Three and file bug reports. But may I just ask this...

Someplace, somewhere on the Internet (maybe on devuan.org, github, wherever) can we just have a simple how-to for installing and setting up vdev? I suppose this info is already out there someplace, but I don't know where, and it needs to be easy to find.

The how-to doesn't need to be any more than a few sentences. Something like:

Add the following line to your /etc/apt/sources.list

deb http://whatever.devuan.org/blah-blah/ jessie main

apt-get update
apt-get install vdev

Edit file blah-blah.conf in your /etc directory to read as follows...

...and so on

Thanks in advance,
Robert
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] vdev
richard lucassen wrote on 12/08/16 01:33:
On Fri, 12 Aug 2016 15:33:52 +0200 aitor_czr wrote:

I'm talking about e.g. /dev/ttyS0. After a boot it looks like:

crw--- 1 root root 4, 64 Aug 11 11:32 ttyS0

After a manual restart of vdev it is what it should be:

crw-rw 1 root dialout 4, 64 Aug 11 11:32 ttyS0
...

[Point taken re eudev]

The set up I now have, does the right thing on boot. I think.

Firstly, it loads vdev from initrd during the first stage boot, and then it exits. A snapshot of /dev taken before the next start shows all filemod settings to be fine.

Secondly it loads vdev anew at the sysvinit startup, and then this stays on as a daemon. The filemod settings at this time remain good. Plugging in a USB disk via virtio redirection gains two new entries /dev/sdd and /dev/sdd1, with appropriate filemod settings.

This is with vdev installed from the debs, followed by my hands-on, which resulted in the snapshot files and links. Exactly. I also have removed all *udev* links from /etc/rcS.d (as otherwise update-rc.d gets upset about two different udev provisions)

The diff relative a clean debs install tells of
a) two revisions for the provided files: the changes to /usr/etc/vdev/vdevd.conf, and to /usr/lib/vdev/udev-compat.sh,
b) the additions of /usr/lib/vdev/daemonlet and /usr/etc/vdev/acls/00-whitelist-root.acl, and
c) the additional /root tree for initrd building.

Now, I would suggest a blanket revision to the debs, to remove the /usr prefix from all its file paths. Then change /etc/vdev/vdevd.conf and the initrd building scripts accordingly. Thereafter work out how to postinstall vdev to also purge systemd-udev without it messing with its dependencies. (You don't want the kernel uninstalled)
Re: [DNG] vdev
On 08/11/2016 07:13 PM, richard lucassen wrote:
> >I'm talking about e.g. /dev/ttyS0. After a boot it looks like:
> >
> >crw--- 1 root root 4, 64 Aug 11 11:32 ttyS0
> >
> >After a manual restart of vdev it is what it should be:
> >
> >crw-rw 1 root dialout 4, 64 Aug 11 11:32 ttyS0
> >
> >$ cat /etc/vdev/actions/ttyS.act
> >[vdev-action]
> >event=add
> >path=^ttyS[0-9]+$
> >VAR_PERMISSIONS_OWNER=root
> >VAR_PERMISSIONS_GROUP=dialout
> >VAR_PERMISSIONS_MODE=0660
> >helper=permissions.sh
> >
> >This action is NOT executed during boot, but after a manual restart
> >it is executed. So: what is your ownership/permission of /dev/ttyS0
> >after a reboot? And how does it look like when you restart vdevd?
> >Do you see the same phenomena?
> >
> >R.
> >Ok, thanks:)
You're welcome. But do you see the same phenomena?;-)

Piano, piano :) Tomorrow I'll compare both cases.

Aitor.
Re: [DNG] vdev
Correction:

apt-get -t nosystemd install udev

SHOULD BE

apt-get -t experimental install udev

-fsr
Re: [DNG] vdev
On 08/11/2016 11:48 AM, richard lucassen wrote:
> On Thu, 11 Aug 2016 08:05:49 -0400
> Steve Litt wrote:
>
>>> And has someone ever played with eudev? Slackware has moved to
>>> eudev. Maybe it's better to try that instead of vdev?
>>
>> Before trading in vdev for eudev, consider this question: What if Red
>> Hat bought their way into maintainership of eudev, poetterized it, and
>> emptied out previous versions on Git. That's what they did with
>> dracut.
>
> If ever this would happen there will immediately be a fork called fudev.
>
> And what if RH bought their way into maintainership of the kernel?
>
>> Are Gentoo and Slackware good stewards for eudev? Slackware has
>> consistently avoided a commitment never to go with systemd, and Gentoo
>> (as opposed to Funtoo) is very proud of their init agnostic stance,
>> which of course they'll kick to the curb at the slightest pressure
>> from Redhat.
>
> I have no idea. But instead of bashing systemd, Poettering and RedHat
> c.s., it would be more effective for people here to spend some time in
> testing vdev, wouldn't it? (this is not meant to be Steve bashing btw)
>
>> I love the idea of experimenting with eudev: It's free software, maybe
>> we can improve vdev with what we learn from it. But for reasons stated
>> in my previous two paragraphs, I think moving our target from vdev to
>> eudev would be a bad idea.
>
> So, please join the Group Of Three who are testing vdev. Without vdev
> or any other standalone udev version Devuan is stillborn. This whole
> vdev beast is much more complicated than a single daemon. We need
> testing, input, otherwise we'll go down the drain. It is as simple as
> that.
>
> R.
>

Sorry, I missed two days, and now I've fallen way behind you guys. All I've done so far was install and test Aitor's first deb package, and I already reported on that. One thing I forgot to mention is that, even though it doesn't fully boot (I get error messages about missing ttys) I am able to connect to it through ssh.

Anyway, I'm going to start with Jude's directions and see if I can catch up.

Meanwhile, I did do something useful, and I can answer your question about eudev - yeah, I tried it, and it seems to work (with minimal testing). I used the debs that David Hare made about a year ago. And let me add that I agree with Steve that we should keep working on vdev.

add this line to your sources:
deb http://exegnulinux.net/nosystemd/ experimental main

Install this key
http://exegnulinux.net/nosystemd/pool/main/e/exegnu-archive-keyring/exegnu-archive-keyring_0.0.1_all.deb

apt-get update
apt-get install eudev (seems to install the libraries)
apt-get -t nosystemd install udev (honest)

It will rebuild the initrd. Reboot.

Note: I'm testing on a live usb with persistence, so I can easily delete my changes and start over.

Note2: I'm still laughing about fudev.

-fsr
Re: [DNG] mouse configuration under LXDE?
Ah.. nevermind... PEBKAC.. I have one of these keyboards

https://compass-ssl.xboxlive.com/assets/62/8d/628d39fb-0944-4cc1-9260-60ba6fcffd27.jpg?n=SED_STop_FY16New.jpg

And the little "fn" switch in the upper right was accidentally betwixt the two positions. No idea how that relates to the mouse, but sliding it all the way to the right seems to have fixed things.

Apologies for the static.

On 08/11/2016 10:07 AM, dev wrote:
Hello, I have a Logitech M570 wireless mouse hooked up to my Devuan desktop running LXDE. For the past week or so clicking the middle button (scroll wheel + button) sometimes pastes in two copies of the text, sometimes one copy, and sometimes nothing at all.

I installed some updates earlier this week; don't remember what they were. Maybe something in there is messing with USB mouse? I've tried plugging the USB receiver into different ports as well as rebooting, and tried a new battery. Still the same.

Is there some other way to fiddle with mouse settings other than what's under "Bird Menu" > preferences > keyboard and mouse?
Re: [DNG] GDBus error in LXDE desktop
Just selected "LXDE" during Devuan installation. It uses slim (Devuan's default, right?).

I'm amazed how fast Devuan starts using LXDE and uses only 243MB of memory to get the desktop up and running!

I'm creating a Devuan appliance for my students (to teach C and assembly), so I need a tiny iso/vdi/vmdk file to simplify sharing it.

Cheers.

On Fri, Aug 12, 2016 at 10:31 AM, aitor_czr wrote:
>
> Hi Emiliano,
>
> On 08/11/2016 02:00 PM, Emiliano Marini wrote:
>
> More information on this:
>
> root@devuan:/home/usuario# grep GDBus -A 3 -B 3 /home/usuario/.cache/lxsession/LXDE/run.log
> ** Message: autostart.vala:42: Autostart path : /home/usuario/.config/lxsession/LXDE/autostart
> ** Message: app.vala:76: Launching lxpanel
>
> ** (lxpolkit:2179): WARNING **: Unable to register authentication agent:
> GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine user
> of subject
> ** Message: app.vala:76: Launching pcmanfm
> ** Message: app.vala:76: Launching xscreensaver
> ** Message: options.vala:107: Create build-in Clipboard
> root@devuan:/home/usuario#
>
>
> Are you using a login-manager (like slim, lightdm...), or are you trying
> it with startx (xinit) ?
>
> Aitor.
Re: [DNG] Debian install
On 08.08.2016 at 17:38, richard lucassen wrote:
On Mon, 8 Aug 2016 17:23:24 +0200 Adam Borowski wrote:

I think this question can be removed?: "Participate in the package usage survey?"

It's opt-in, and provides useful data.

It's ok for me, but Devuan != Debian

Hi Richard,
if You found unique issue regarding installer please report it here
https://git.devuan.org/devuan-packages/debian-installer/issues

Thanks,
Paweł
Re: [DNG] vdev
On Thu, 11 Aug 2016 08:05:49 -0400 Steve Litt wrote:

> > And has someone ever played with eudev? Slackware has moved to
> > eudev. Maybe it's better to try that instead of vdev?
>
> Before trading in vdev for eudev, consider this question: What if Red
> Hat bought their way into maintainership of eudev, poetterized it, and
> emptied out previous versions on Git. That's what they did with
> dracut.

If ever this would happen there will immediately be a fork called fudev.

And what if RH bought their way into maintainership of the kernel?

> Are Gentoo and Slackware good stewards for eudev? Slackware has
> consistently avoided a commitment never to go with systemd, and Gentoo
> (as opposed to Funtoo) is very proud of their init agnostic stance,
> which of course they'll kick to the curb at the slightest pressure
> from Redhat.

I have no idea. But instead of bashing systemd, Poettering and RedHat c.s., it would be more effective for people here to spend some time in testing vdev, wouldn't it? (this is not meant to be Steve bashing btw)

> I love the idea of experimenting with eudev: It's free software, maybe
> we can improve vdev with what we learn from it. But for reasons stated
> in my previous two paragraphs, I think moving our target from vdev to
> eudev would be a bad idea.

So, please join the Group Of Three who are testing vdev. Without vdev or any other standalone udev version Devuan is stillborn. This whole vdev beast is much more complicated than a single daemon. We need testing, input, otherwise we'll go down the drain. It is as simple as that.

R.

--
It is better to remain silent and be thought a fool, than to speak
aloud and remove all doubt.

Richard Lucassen, Utrecht
Re: [DNG] vdev
On Fri, 12 Aug 2016 15:33:52 +0200 aitor_czr wrote:

> > I'm talking about e.g. /dev/ttyS0. After a boot it looks like:
> >
> > crw--- 1 root root 4, 64 Aug 11 11:32 ttyS0
> >
> > After a manual restart of vdev it is what it should be:
> >
> > crw-rw 1 root dialout 4, 64 Aug 11 11:32 ttyS0
> >
> > $ cat /etc/vdev/actions/ttyS.act
> > [vdev-action]
> > event=add
> > path=^ttyS[0-9]+$
> > VAR_PERMISSIONS_OWNER=root
> > VAR_PERMISSIONS_GROUP=dialout
> > VAR_PERMISSIONS_MODE=0660
> > helper=permissions.sh
> >
> > This action is NOT executed during boot, but after a manual restart
> > it is executed. So: what is your ownership/permission of /dev/ttyS0
> > after a reboot? And how does it look like when you restart vdevd?
> > Do you see the same phenomena?
> >
> > R.
>
> Ok, thanks :)

You're welcome. But do you see the same phenomena? ;-)

--
It is better to remain silent and be thought a fool, than to speak
aloud and remove all doubt.

Richard Lucassen, Utrecht
[DNG] mouse configuration under LXDE?
Hello, I have a Logitech M570 wireless mouse hooked up to my Devuan desktop running LXDE. For the past week or so clicking the middle button (scroll wheel + button) sometimes pastes in two copies of the text, sometimes one copy, and sometimes nothing at all.

I installed some updates earlier this week; don't remember what they were. Maybe something in there is messing with USB mouse? I've tried plugging the USB receiver into different ports as well as rebooting, and tried a new battery. Still the same.

Is there some other way to fiddle with mouse settings other than what's under "Bird Menu" > preferences > keyboard and mouse?
Re: [DNG] [OT] Microsoft Secure Boot key leaked
dev wrote:

> Just ran across this. Not sure what it means for Open Source bootloaders.
>
> "The key basically allows anyone to bypass the provisions Microsoft has put
> in place ostensibly to prevent malicious versions of Windows from being
> installed, on any device running Windows 8.1 and upwards with Secure Boot
> enabled."

Basically it means you can install pretty well any system.

The headline is a bit misleading since they haven't leaked the "golden key" backing all this security stuff up, but have inadvertently left a specific policy on the devices which (if enabled) tells the bootloader to ignore any signing errors. So while normally, if you tried to use your own software, the bootloader would barf and refuse to run it as unsigned or not signed with a known key, in this case it has an instruction telling it to ignore those errors.

"not 'arf bad" explanation in this article on TheReg
http://www.theregister.co.uk/2016/08/10/microsoft_secure_boot_ms16_100/

Sadly it's not half as useful as if they had really leaked their "golden key" - because with that, anyone would be able to sign anything for any device trusting MS keys, and that WOULD be interesting !
Re: [DNG] vdev
On 08/11/2016 01:23 PM, richard lucassen wrote:
On Fri, 12 Aug 2016 10:40:43 +0200 aitor_czr wrote:
> >>Aitor, does your vdev set the permissions and ownerships correctly?
> >
> >I have to suid vdevd in debian/vdevd.postinst. The /usr/sbin is
> >missing in your snapshot.
> >No, I'll give the following permissions:
> >-rwxr-xr-x

I'm talking about e.g. /dev/ttyS0. After a boot it looks like:

crw--- 1 root root 4, 64 Aug 11 11:32 ttyS0

After a manual restart of vdev it is what it should be:

crw-rw 1 root dialout 4, 64 Aug 11 11:32 ttyS0

$ cat /etc/vdev/actions/ttyS.act
[vdev-action]
event=add
path=^ttyS[0-9]+$
VAR_PERMISSIONS_OWNER=root
VAR_PERMISSIONS_GROUP=dialout
VAR_PERMISSIONS_MODE=0660
helper=permissions.sh

This action is NOT executed during boot, but after a manual restart it is executed. So: what is your ownership/permission of /dev/ttyS0 after a reboot? And how does it look like when you restart vdevd? Do you see the same phenomena?

R.

Ok, thanks :)
Re: [DNG] GDBus error in LXDE desktop
Hi Emiliano,

On 08/11/2016 02:00 PM, Emiliano Marini wrote:

More information on this:

root@devuan:/home/usuario# grep GDBus -A 3 -B 3 /home/usuario/.cache/lxsession/LXDE/run.log
** Message: autostart.vala:42: Autostart path : /home/usuario/.config/lxsession/LXDE/autostart
** Message: app.vala:76: Launching lxpanel

** (lxpolkit:2179): WARNING **: Unable to register authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine user of subject
** Message: app.vala:76: Launching pcmanfm
** Message: app.vala:76: Launching xscreensaver
** Message: options.vala:107: Create build-in Clipboard
root@devuan:/home/usuario#

Are you using a login-manager (like slim, lightdm...), or are you trying it with startx (xinit) ?

Aitor.
[DNG] [OT] Microsoft Secure Boot key leaked
Just ran across this. Not sure what it means for Open Source bootloaders.

"The key basically allows anyone to bypass the provisions Microsoft has put in place ostensibly to prevent malicious versions of Windows from being installed, on any device running Windows 8.1 and upwards with Secure Boot enabled."

http://arstechnica.com/security/2016/08/microsoft-secure-boot-firmware-snafu-leaks-golden-key/
Re: [DNG] GDBus error in LXDE desktop
Solved disabling Polkit agent in LXDE configuration:

https://postimg.org/image/5tymnm8l7/

Just open "Preferences > Default applications for LXSession" and go to "Core applications" tab, then clear the "Polkit agent" field and close the window. No more warnings on next boot.

On Thu, Aug 11, 2016 at 8:55 AM, Emiliano Marini wrote:

> More information on this:
>
> root@devuan:/home/usuario# grep GDBus -A 3 -B 3 /home/usuario/.cache/
> lxsession/LXDE/run.log
> ** Message: autostart.vala:42: Autostart path : /home/usuario/.config/
> lxsession/LXDE/autostart
> ** Message: app.vala:76: Launching lxpanel
>
> ** (lxpolkit:2179): WARNING **: Unable to register authentication agent:
> GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine
> user of subject
> ** Message: app.vala:76: Launching pcmanfm
> ** Message: app.vala:76: Launching xscreensaver
> ** Message: options.vala:107: Create build-in Clipboard
> root@devuan:/home/usuario#
>
>
>
> On Thu, Aug 11, 2016 at 8:35 AM, Emiliano Marini <
> emilianomarin...@gmail.com> wrote:
>
>> Thanks Aitor, I've searched the gitlab to post this, but didn't find
>> anything related to LXDE.
>>
>> On Thu, Aug 11, 2016 at 7:49 PM, aitor_czr wrote:
>>
>>>
>>> On 08/10/2016 07:50 PM, Emiliano Marini
>>> wrote:
>>>
>>> Sorry but it's ok to report bugs on this list?
>>>
>>> Cheers,
>>> Emiliano.
>>>
>>>
>>> LOL, of course... I think so :)
>>>
>>> Aitor.
>>>
>>>
>>>
>>
>
Re: [DNG] Security news about TCP weakness
Quoting Simon Hobson (li...@thehobsons.co.uk):

> As Arnt Karlsen mentioned in the Bootloaders thread, there's a new twist
> which is the result of a security fix
>
> http://www.theregister.co.uk/2016/08/10/linux_tor_users_open_corrupted_communications/
>
> In a bid to thwart the risk from injected packets carrying the right
> quintuplet of source and dest IPs, source & dest ports, and sequence
> numbers, it now seems that there are "occasional" challenge packets
> sent. Simplifying a lot, basically one end will send packets to the
> other asking "did you really send that ?" - so if someone is spoofing
> fake traffic then it'll come to light.
>
> As these packets are globally rate limited - a third party can send a
> flood of dodgy packets to cause this limit to be exceeded, and thus
> disable the protection it provides. As I read it, the attack doesn't
> really bring anything new other than the ability to disable the
> security offered by RFC 5961 - and thus lower the threshold to that of
> the original CVE from 2004.

I suspect the best interim solution is to set /proc/sys/net/ipv4/tcp_challenge_ack_limit=9 via sysctl, until something better-thought-out than RFC 5961 comes out.

--
Cheers,
Rick Moen
r...@linuxmafia.com
McQ! (4x80)

QA engineer walks into a bar. Orders a beer. Orders 0 beers. Orders 9 beers. Orders a lizard. Orders -1 beers. Orders a sfdeljknesv.
-- @sempf, https://www.sempf.net/post/On-Testing1.aspx
Re: [DNG] vdev
On Thu, 11 Aug 2016 10:00:10 +0200 richard lucassen wrote:

> On Thu, 11 Aug 2016 08:30:16 +1000
> Ralph Ronnquist wrote:
>
> > Since '$?' is 'the result code of last command", it's IMO best
> > placed immediately after the command whose result code to capture.
> > Here, previously, it captured the result of the (failed, as it were)
> > attempt to echo to the log file, rather than the result of
> > event-put.
>
> Ok, but apparently this did not make any difference, although I get
> the impression that there are only four people in the world to test
> vdev. Do you also have this phenomena that permissions are not set
> correctly at boot time?
>
> And has someone ever played with eudev? Slackware has moved to eudev.
> Maybe it's better to try that instead of vdev?

Before trading in vdev for eudev, consider this question: What if Red Hat bought their way into maintainership of eudev, poetterized it, and emptied out previous versions on Git. That's what they did with dracut.

Are Gentoo and Slackware good stewards for eudev? Slackware has consistently avoided a commitment never to go with systemd, and Gentoo (as opposed to Funtoo) is very proud of their init agnostic stance, which of course they'll kick to the curb at the slightest pressure from Redhat.

I love the idea of experimenting with eudev: It's free software, maybe we can improve vdev with what we learn from it. But for reasons stated in my previous two paragraphs, I think moving our target from vdev to eudev would be a bad idea.

SteveT

Steve Litt
August 2016 featured book: Manager's Guide to Technical Troubleshooting
Brand new, second edition
http://www.troubleshooters.com/mgr
Re: [DNG] GDBus error in LXDE desktop
More information on this:

root@devuan:/home/usuario# grep GDBus -A 3 -B 3 /home/usuario/.cache/lxsession/LXDE/run.log
** Message: autostart.vala:42: Autostart path : /home/usuario/.config/lxsession/LXDE/autostart
** Message: app.vala:76: Launching lxpanel

** (lxpolkit:2179): WARNING **: Unable to register authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine user of subject
** Message: app.vala:76: Launching pcmanfm
** Message: app.vala:76: Launching xscreensaver
** Message: options.vala:107: Create build-in Clipboard
root@devuan:/home/usuario#

On Thu, Aug 11, 2016 at 8:35 AM, Emiliano Marini wrote:

> Thanks Aitor, I've searched the gitlab to post this, but didn't find
> anything related to LXDE.
>
> On Thu, Aug 11, 2016 at 7:49 PM, aitor_czr wrote:
>
>>
>> On 08/10/2016 07:50 PM, Emiliano Marini
>> wrote:
>>
>> Sorry but it's ok to report bugs on this list?
>>
>> Cheers,
>> Emiliano.
>>
>>
>> LOL, of course... I think so :)
>>
>> Aitor.
>>
>>
>>
>
Re: [DNG] vdev
On Thu, 11 Aug 2016 20:41:33 +1000 Ralph Ronnquist wrote:

> > It builds fine, but it does not work yet. I think there are a bunch
> > of other things to do. It adds a usb stick as a character device :-)
>
> Yes I've worked out the building, and installing, without /usr
> prefix, and so far only in a firejail overlay, just to see what it
> installs.
>
> There's nothing for initrd though, is there? Isn't that needed?

I haven't looked for that yet.

> I guess I should crank up the vdev host again. It's just a qemu
> client, so I'll need to do some hands-on to attach a usb connector. I
> can't use the virt-viewer menu, because that'll redirect through a
> virtio redirection device which indeed is a character device.

I test vdev/eudev on a separate partition on a real machine (laptop). In that way I can always reboot the machine to a working partition whenever I fsck up the whole thing :)

R.

--
richard lucassen
http://contact.xaq.nl/
Re: [DNG] GDBus error in LXDE desktop
Thanks Aitor, I've searched the gitlab to post this, but didn't find anything related to LXDE.

On Thu, Aug 11, 2016 at 7:49 PM, aitor_czr wrote:

>
> On 08/10/2016 07:50 PM, Emiliano Marini
> wrote:
>
> Sorry but it's ok to report bugs on this list?
>
> Cheers,
> Emiliano.
>
>
> LOL, of course... I think so :)
>
> Aitor.
>
>
>
Re: [DNG] Security news about TCP weakness
I wrote:
> Go Linux wrote:
>
>> For those of you so inclined. Is this important, old news or just academic
>> posturing?
>
> I think it's all three !
> It looks very much related to a CVE from 2004
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0230

OK, so it now looks like it is a new development - but still related.

As Arnt Karlsen mentioned in the Bootloaders thread, there's a new twist which is the result of a security fix

http://www.theregister.co.uk/2016/08/10/linux_tor_users_open_corrupted_communications/

In a bid to thwart the risk from injected packets carrying the right quintuplet of source and dest IPs, source & dest ports, and sequence numbers, it now seems that there are "occasional" challenge packets sent. Simplifying a lot, basically one end will send packets to the other asking "did you really send that ?" - so if someone is spoofing fake traffic then it'll come to light.

As these packets are globally rate limited - a third party can send a flood of dodgy packets to cause this limit to be exceeded, and thus disable the protection it provides. As I read it, the attack doesn't really bring anything new other than the ability to disable the security offered by RFC 5961 - and thus lower the threshold to that of the original CVE from 2004.

I can't help thinking that some of the threat is over-stated though. The article mentions "The only piece of information that is needed is the pair of IP addresses ... which is fairly easy to obtain". So a starting point is that you have to know that two IPs are communicating - that may be obvious for some situation, but is far from "easy to obtain" in the general case.

It then goes on to say "To successfully insert data into a connection you have to know the two IP addresses and the source and destination ports – known as a four-tuple – plus the next valid serial numbers stamped on the exchanged packets."

One port number will be obvious in many cases - eg port 25 for SMTP, port 80 for HTTP - but the other end may well be using any of a random pick from 1024 to 65535. In fact, one mitigation route for a DNS attack figured out a few years ago was the simple act of making your resolver *not* use source port 53 for outbound requests - thus avoiding the simple attack of triggering a resolver to make a lookup, and flooding it with false replies to inject fake results into its cache.

And you still need to know the sequence numbers being used or the fake packets will be dropped as out of sequence. And of course, you need to know when the transmission is taking place.

Put another way ... IF you know that two devices are communicating, AND you know when this is taking place, AND you know the port numbers used by both ends, AND you know the packet sequence numbers - then this "new" attack will allow you to use an old attack method by disabling the mitigation put in to block it. But if you're using SSL (or in fact, any half decent form of encryption or data validation) over the connection then the attack would fail anyway.

So while it *may* be a risk for certain type of traffic, *iff* the potential rewards are high enough to make the substantial effort worthwhile, I can't help thinking it's a bit like so many other areas of risk mitigation - worrying about a hard attack when there's an easier one. A bit like how (according to stuff I've read) cars are now so hard to drive away without the keys, that the thieves often just nick the keys from the lesser secured house.
Re: [DNG] vdev
On Fri, 12 Aug 2016 10:40:43 +0200 aitor_czr wrote:

> >> Aitor, does your vdev set the permissions and ownerships correctly?
> >
> > I have to suid vdevd in debian/vdevd.postinst. The /usr/sbin is
> > missing in your snapshot.
>
> No, I'll give the following permissions:
>
> -rwxr-xr-x

I'm talking about e.g. /dev/ttyS0. After a boot it looks like:

crw--- 1 root root 4, 64 Aug 11 11:32 ttyS0

After a manual restart of vdev it is what it should be:

crw-rw 1 root dialout 4, 64 Aug 11 11:32 ttyS0

$ cat /etc/vdev/actions/ttyS.act
[vdev-action]
event=add
path=^ttyS[0-9]+$
VAR_PERMISSIONS_OWNER=root
VAR_PERMISSIONS_GROUP=dialout
VAR_PERMISSIONS_MODE=0660
helper=permissions.sh

This action is NOT executed during boot, but after a manual restart it is executed. So: what is your ownership/permission of /dev/ttyS0 after a reboot? And how does it look like when you restart vdevd? Do you see the same phenomena?

R.

--
It is better to remain silent and be thought a fool, than to speak
aloud and remove all doubt.

Richard Lucassen, Utrecht
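Added example (not part of the original thread and not vdev's own code): a Python check for the symptom described in the message above, comparing every device node against the owner, group and mode that the matching vdev action file asks for. It assumes only the action-file keys shown in the thread and that `path` is matched against the node name relative to /dev; the function names are illustrative.

```python
"""Audit device nodes against the permissions requested in vdev action files."""
import configparser
import grp
import os
import pwd
import re
import stat
import sys
from pathlib import Path


def load_permission_rules(actions_dir):
    """Return (regex, owner, group, mode) for each 'add' action that sets a mode."""
    rules = []
    for act in sorted(Path(actions_dir).glob("*.act")):
        cp = configparser.ConfigParser(interpolation=None)
        cp.optionxform = str  # keep VAR_* keys case-sensitive
        cp.read(act)
        if not cp.has_section("vdev-action"):
            continue
        sec = cp["vdev-action"]
        if sec.get("event") != "add" or "path" not in sec:
            continue
        if "VAR_PERMISSIONS_MODE" not in sec:
            continue
        rules.append((re.compile(sec["path"]),
                      sec.get("VAR_PERMISSIONS_OWNER"),
                      sec.get("VAR_PERMISSIONS_GROUP"),
                      int(sec["VAR_PERMISSIONS_MODE"], 8)))
    return rules


def _resolve(name, lookup, field):
    """Map a user/group name (or numeric id) to an id; None if unknown."""
    if name.isdigit():
        return int(name)
    try:
        return getattr(lookup(name), field)
    except KeyError:
        return None


def audit(dev_dir, actions_dir):
    """Return [(relative_node, [problem, ...])] for nodes that differ from their rule."""
    rules = load_permission_rules(actions_dir)
    findings = []
    for root, _dirs, files in os.walk(dev_dir):
        for name in sorted(files):
            full = os.path.join(root, name)
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlinks carry no meaningful mode of their own
            rel = os.path.relpath(full, dev_dir)
            for rx, owner, group, mode in rules:
                if not rx.search(rel):
                    continue
                problems = []
                actual = stat.S_IMODE(st.st_mode)
                if actual != mode:
                    problems.append(f"mode {actual:04o}, expected {mode:04o}")
                if owner is not None:
                    uid = _resolve(owner, pwd.getpwnam, "pw_uid")
                    if uid is None:
                        problems.append(f"unknown owner {owner}")
                    elif st.st_uid != uid:
                        problems.append(f"uid {st.st_uid}, expected {owner}")
                if group is not None:
                    gid = _resolve(group, grp.getgrnam, "gr_gid")
                    if gid is None:
                        problems.append(f"unknown group {group}")
                    elif st.st_gid != gid:
                        problems.append(f"gid {st.st_gid}, expected {group}")
                if problems:
                    findings.append((rel, problems))
    return sorted(findings)


if __name__ == "__main__":
    # Defaults follow the paths quoted in the thread; override on the command line.
    dev = sys.argv[1] if len(sys.argv) > 1 else "/dev"
    actions = sys.argv[2] if len(sys.argv) > 2 else "/etc/vdev/actions"
    results = audit(dev, actions)
    for node, problems in results:
        print(f"{node}: " + "; ".join(problems))
    sys.exit(1 if results else 0)
```

Run once right after boot and again after restarting vdevd: a node that is reported only in the first run shows the action was skipped at boot, which is the difference the thread is trying to pin down.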
Re: [DNG] vdev
On 11/08/16 20:15, richard lucassen wrote:

Thanks. github showed up 24 eudev bundles, with some 2-3 noted as "debian packaged", though gentoo/eudev has most recent activity, so maybe it's good to go from there to begin with.

It builds fine, but it does not work yet. I think there are a bunch of other things to do. It adds a usb stick as a character device :-)

Yes I've worked out the building, and installing, without /usr prefix, and so far only in a firejail overlay, just to see what it installs.

There's nothing for initrd though, is there? Isn't that needed?

I guess I should crank up the vdev host again. It's just a qemu client, so I'll need to do some hands-on to attach a usb connector. I can't use the virt-viewer menu, because that'll redirect through a virtio redirection device which indeed is a character device.
Re: [DNG] vdev
On Thu, 11 Aug 2016 19:52:34 +1000 Ralph Ronnquist wrote:

> Thanks. github showed up 24 eudev bundles, with some 2-3 noted as
> "debian packaged", though gentoo/eudev has most recent activity, so
> maybe it's good to go from there to begin with.

It builds fine, but it does not work yet. I think there are a bunch of other things to do. It adds a usb stick as a character device :-)

--
richard lucassen
http://contact.xaq.nl/
Re: [DNG] vdev
On 11/08/16 19:38, Jim Murphy wrote:
On Thu, Aug 11, 2016 at 3:29 AM, Ralph Ronnquist wrote:

Is that the gentoo/eudev bundle?
Ralph.

From my Funtoo system:

* sys-fs/eudev
    Latest version available: 3.1.5
    Latest version installed: 3.1.5
    Size of files: 1,705 KiB
    Homepage: https://github.com/gentoo/eudev
    Description: Linux dynamic and persistent device naming support (aka userspace devfs)
    License: LGPL-2.1 MIT GPL-2

* virtual/udev
    Latest version available: 217
    Latest version installed: 217
    Size of files: 0 KiB
    Homepage:
    Description: Virtual to select between different udev daemon providers
    License:

FWIW.

Jim

Thanks. github showed up 24 eudev bundles, with some 2-3 noted as "debian packaged", though gentoo/eudev has most recent activity, so maybe it's good to go from there to begin with.
Re: [DNG] Your computer clock: Was:Re: vdev
On 11 Aug 2016, at 14:39, aitor_czr wrote:

> I'm not Steven Spielberg :)

No, but you've time-warped into the future again ! From the vdev thread :

> Received: from [*.*.*.*] (*.*.*.*.dynamic.clientes.euskaltel.es
> [*.*.*.*]) (Authenticated sender: ***@***)
> by player737.ha.ovh.net (Postfix) with ESMTPSA id 45BAFE009A;
> Thu, 11 Aug 2016 10:43:40 +0200 (CEST)
> ...
> Date: Fri, 12 Aug 2016 10:40:43 +0200

So it's looking very much like your system is insisting on being near-enough exactly one full day ahead of where it should be. That's actually (I think) quite hard to do without either doing it manually or having something screwed up in an "interesting" way.
Re: [DNG] vdev
On Fri, 12 Aug 2016 11:24:59 +0200 aitor_czr wrote:

> > I just run test mode and for the moment vdevd seems to ignore
> > the /etc/vdev/actions/* files. Anyone a hint why vdev ignores these
> > files?
>
> As you would have been able to verify, the location for the actions is:
>
> //etc/init.d/vdev/actions/*.act/

The init script has the same name as your directory:

/etc/init.d/vdev

And vdevd is told to use the config file in which is stated:

$ grep actions /etc/vdev/vdevd.conf
actions=/etc/vdev/actions

So, why doesn't it start up successfully?

--
richard lucassen
http://contact.xaq.nl/
Re: [DNG] vdev
On Thu, Aug 11, 2016 at 3:29 AM, Ralph Ronnquist wrote:

> Is that the gentoo/eudev bundle?
> Ralph.

From my Funtoo system:

* sys-fs/eudev
  Latest version available: 3.1.5
  Latest version installed: 3.1.5
  Size of files: 1,705 KiB
  Homepage: https://github.com/gentoo/eudev
  Description: Linux dynamic and persistent device naming support (aka userspace devfs)
  License: LGPL-2.1 MIT GPL-2

* virtual/udev
  Latest version available: 217
  Latest version installed: 217
  Size of files: 0 KiB
  Homepage:
  Description: Virtual to select between different udev daemon providers
  License:

FWIW.
Jim
Re: [DNG] vdev
Hi Richard,

On 08/09/2016 11:14 PM, richard lucassen wrote:

I just run test mode and for the moment vdevd seems to ignore the /etc/vdev/actions/* files. Anyone a hint why vdev ignores these files?

As you would have been able to verify, the location for the actions is:

//etc/init.d/vdev/actions/*.act/

Aitor.
Re: [DNG] vdev
Sorry Ralph,

On 08/12/2016 11:01 AM, aitor_czr wrote:

Hi Richard,

On 08/12/2016 10:40 AM, richard lucassen wrote:

I've now made a snapshot of the vdev files from the working disk.
> >available at www.realthing.com.au/files/vdev/vdev-snapshot.tgz.

Did you add *acls/00-whitelist-root.acl* by hand?

Here you are the file provided by *VDEVD*:

- /usr/sbin/vdvd
- /usr/lib/vdev/helpers (that's daemonlet, dev-setup.sh, echo_n, etc...)

And here you are the files provided by *EXAMPLE*:

- /usr/etc/init.d/vdev
- /usr/etc/vdev/actions/*.act
- /usr/etc/vdev/ifnames.conf
- /usr/etc/vdev/vdevd.conf

As you can see, *acls/00-whitelist-root.acl* is missing in the Makefile of "example".

Cheers,
Aitor.

The snapshot was sent by you... Sorry :)

Aitor.
Re: [DNG] vdev
Ralph here; proud owner of the snapshot. Well, owner at least ;-)

Yes. I added two files that were missing from the debs. I took those from the Jude's github source (from some few days ago; I haven't checked for recent updates). I also added the initramfs building tree, taken from the github source and edited by me. If you want to diff those, you should get the github source.

Ralph.

On 12/08/16 19:01, aitor_czr wrote:

Hi Richard,

On 08/12/2016 10:40 AM, richard lucassen wrote:

I've now made a snapshot of the vdev files from the working disk.
> >available at www.realthing.com.au/files/vdev/vdev-snapshot.tgz.

Did you add *acls/00-whitelist-root.acl* by hand?

Here you are the file provided by *VDEVD*:

- /usr/sbin/vdvd
- /usr/lib/vdev/helpers (that's daemonlet, dev-setup.sh, echo_n, etc...)

And here you are the files provided by *EXAMPLE*:

- /usr/etc/init.d/vdev
- /usr/etc/vdev/actions/*.act
- /usr/etc/vdev/ifnames.conf
- /usr/etc/vdev/vdevd.conf

As you can see, *acls/00-whitelist-root.acl* is missing in the Makefile of "example".

Cheers,
Aitor.
Re: [DNG] vdev
On Fri, 12 Aug 2016 09:35:27 +0200 aitor_czr wrote:

> > Aitor, does your vdev set the permissions and ownerships correctly?
>
> I have to suid vdevd in debian/vdevd.postinst. The /usr/sbin is
> missing in your snapshot.

It's not my snapshot ;-) And suid is not needed as vdevd is run as root.

When you start your computer, are all /dev/* permissions ok? I have to restart vdev manually in order to get the right /dev/* permissions.

--
richard lucassen
http://contact.xaq.nl/
Re: [DNG] vdev
On Thu, 11 Aug 2016 18:29:05 +1000 Ralph Ronnquist wrote:

> Is that the gentoo/eudev bundle? I'm not knowledgeable enough to have
> a comparative opinion re eudev vs vdev, but I don't mind giving that
> a go too. Though I'm not en par with package building...

Nor am I. But I can build it, but when adding a usb stick it adds it as a character device :-( And there is little documentation AFAICS. But I have only played with it for half an hour or so :)

--
richard lucassen
http://contact.xaq.nl/
Re: [DNG] vdev
Hi Richard,

On 08/12/2016 10:40 AM, richard lucassen wrote:

I've now made a snapshot of the vdev files from the working disk.
> >available at www.realthing.com.au/files/vdev/vdev-snapshot.tgz.

Did you add *acls/00-whitelist-root.acl* by hand?

Here you are the file provided by *VDEVD*:

- /usr/sbin/vdvd
- /usr/lib/vdev/helpers (that's daemonlet, dev-setup.sh, echo_n, etc...)

And here you are the files provided by *EXAMPLE*:

- /usr/etc/init.d/vdev
- /usr/etc/vdev/actions/*.act
- /usr/etc/vdev/ifnames.conf
- /usr/etc/vdev/vdevd.conf

As you can see, *acls/00-whitelist-root.acl* is missing in the Makefile of "example".

Cheers,
Aitor.
Re: [DNG] vdev
On 08/12/2016 09:35 AM, aitor_czr wrote:

Hi Richard,

On 08/11/2016 04:23 AM, richard lucassen wrote:

I've now made a snapshot of the vdev files from the working disk.
> >available at www.realthing.com.au/files/vdev/vdev-snapshot.tgz.
> >Thanks !

Aitor, does your vdev set the permissions and ownerships correctly?

I have to suid vdevd in debian/vdevd.postinst. The /usr/sbin is missing in your snapshot.

Aitor.

No, I'll give the following permissions:

-rwxr-xr-x

Cheers,
Aitor.
Re: [DNG] vdev
Is that the gentoo/eudev bundle? I'm not knowledgeable enough to have a comparative opinion re eudev vs vdev, but I don't mind giving that a go too. Though I'm not en par with package building...

Ralph.

On 11/08/16 18:07, richard lucassen wrote:

On Thu, 11 Aug 2016 10:00:10 +0200 richard lucassen wrote:

And has someone ever played with eudev? Slackware has moved to eudev. Maybe it's better to try that instead of vdev?

We're not alone there :)
Re: [DNG] vdev
On Thu, 11 Aug 2016 10:00:10 +0200 richard lucassen wrote:

> And has someone ever played with eudev? Slackware has moved to eudev.
> Maybe it's better to try that instead of vdev?

We're not alone there :)

--
richard lucassen
http://contact.xaq.nl/
Re: [DNG] vdev
On Thu, 11 Aug 2016 08:30:16 +1000 Ralph Ronnquist wrote:

> Since '$?' is 'the result code of last command', it's IMO best placed
> immediately after the command whose result code to capture. Here,
> previously, it captured the result of the (failed, as it were)
> attempt to echo to the log file, rather than the result of event-put.

Ok, but apparently this did not make any difference, although I get the impression that there are only four people in the world to test vdev. Do you also have this phenomena that permissions are not set correctly at boot time?

And has someone ever played with eudev? Slackware has moved to eudev. Maybe it's better to try that instead of vdev?

--
richard lucassen
http://contact.xaq.nl/
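The `$?` ordering point quoted in the message above, as an added shell example that is not code from the thread or from vdev. `event_put`, `log_line` and the log paths are stand-ins assumed for illustration; the example covers both a log write that succeeds (the helper's failure is masked) and one that fails (the wrong status is reported).

```shell
#!/bin/sh
# Added illustration: event_put and log_line are hypothetical stand-ins,
# not vdev's helper scripts. Sample paths below are constructed.

# Stand-in for the command whose result matters; always fails with status 3.
event_put() { return 3; }

# Append one line to $LOGFILE; fails if the file cannot be opened.
# The function-level redirection hides the shell's own error message.
log_line() { echo "$1" >> "$LOGFILE"; } 2>/dev/null

# Ordering described as the earlier behaviour: $? is read after the log
# write, so it holds the status of that echo, not of event_put.
send_buggy() {
    event_put
    log_line "event-put done"
    rc=$?
    return "$rc"
}

# Ordering recommended in the quoted text: capture $? immediately after
# the command of interest, then log.
send_fixed() {
    event_put
    rc=$?
    log_line "event-put returned $rc"
    return "$rc"
}

# Run both orderings against one log path and report the statuses seen.
compare() {
    LOGFILE=$1
    send_buggy && b=0 || b=$?
    send_fixed && f=0 || f=$?
    echo "log=$LOGFILE buggy=$b fixed=$f"
}

compare /dev/null                      # log write succeeds
compare /nonexistent-dir/vdev-demo.log # log write fails
```

With a writable log the first ordering reports success even though the helper failed; with an unwritable log it reports the echo's failure status instead of the helper's.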
Re: [DNG] vdev
Hi Richard,

On 08/11/2016 04:23 AM, richard lucassen wrote:

I've now made a snapshot of the vdev files from the working disk.
> >available at www.realthing.com.au/files/vdev/vdev-snapshot.tgz.
> >Thanks !

Aitor, does your vdev set the permissions and ownerships correctly?

I have to suid vdevd in debian/vdevd.postinst. The /usr/sbin is missing in your snapshot.

Aitor.
Re: [DNG] Bootloaders (was: SystemD's brownie points over non-systemd OSs)
On Thu, 11 Aug 2016 08:48:47 +0200, Arnt wrote in message <20160811084847.31359...@nb6.lan>:

> On Wed, 10 Aug 2016 18:45:18 -0400, Steve wrote in message
> <20160810184518.2c014...@mydesk.domain.cxm>:
>
> > Sometimes a good, prophylactic fresh install is just what's needed.
>
> ..aye, today's El Reg:
> * Bungling Microsoft singlehandedly proves that golden
> backdoor keys are a terrible idea
> Updated: Redmond races to revoke Secure Boot policy
> http://go.reg.cx/tdml/c9288/57d49e7f/ffe47801/2n9H

..and then this:
* Linux security backfires: Flaw lets hackers inject malware into downloads, disrupt Tor users, etc
  Analysis: TCP networking code scores own goal
  http://go.reg.cx/tdml/c9288/57d49e7f/ffe47801/2nac

--
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
Scenarios always come in sets of three: best case, worst case, and just in case.
Re: [DNG] Bootloaders (was: SystemD's brownie points over non-systemd OSs)
On Wed, 10 Aug 2016 18:45:18 -0400, Steve wrote in message <20160810184518.2c014...@mydesk.domain.cxm>:

> Sometimes a good, prophylactic fresh install is just what's needed.

..aye, today's El Reg:
* Bungling Microsoft singlehandedly proves that golden backdoor keys are a terrible idea
  Updated: Redmond races to revoke Secure Boot policy
  http://go.reg.cx/tdml/c9288/57d49e7f/ffe47801/2n9H

--
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
Scenarios always come in sets of three: best case, worst case, and just in case.